Step 3: Setting up the certificate authority

With wireless networks proliferating, it is a good idea to understand what it takes to build a VPN for a wireless gateway. Contributor and Microsoft MVP Brien Posey details the necessary steps in this step-by-step guide.

First, I want to walk you through setting up the enterprise certificate authority.

Before I show you how, I want to give you a few words of caution. Installing a certificate authority is not a process to be taken lightly. If someone gains unauthorized access to your certificate authority, they pretty much own your network. Likewise, if a certificate authority server crashes, it can be devastating to your network, because a crash means losing certificates that have been used for encryption and/or authentication. Therefore, you must make sure that the server is as secure as possible and that you perform full system backups frequently. You must also protect your backup tapes so that they are not accidentally compromised.

Install Windows Server 2003 Enterprise Edition onto the server that you will be using as a certificate authority, and join the server to your domain. Once Windows is up and running, select the "Add/Remove Programs" option from the Control Panel and click the "Add/Remove Windows Components" button. Select the "Certificate Services" option from the list of Windows components. When you do, you will see a warning message indicating that after the certificate services are installed, you won't be able to rename the machine or change its group membership. Click "Yes" to acknowledge the warning and then click "Next" to begin installing the certificate authority. The following screen asks which type of certificate authority you want to install. Choose the "Enterprise Root CA" option and click "Next." You will now be prompted to enter a common name for the certificate authority that you are creating. You must also select a certificate validity period. The default setting allows certificates to be valid for five years, but you can increase or decrease this time frame according to your own corporate security policy.

Click "Next" and Windows will begin generating cryptographic keys. When the process completes, the wizard will prompt you to enter a location for the certificate database. Use the default location unless you prefer to place the databases onto a volume with better performance or fault tolerance, then click "Next." You will now see a message asking if Windows may restart the IIS services. Click "Yes" and Windows will restart IIS and install the necessary components.
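Once the wizard finishes, one way to confirm that the new CA is answering and to take the first backup that the caution above calls for is the script below. It is an added example, not part of the original article; it assumes the built-in certutil, sc and reg tools on the CA server, and the script name and backup path are placeholders.

```batch
@echo off
rem Added example: check the new CA, then back up its database, key and settings.
rem Usage: ca-backup.cmd D:\CABackup\first   (script name and path are placeholders)
setlocal
if "%~1"=="" (
  echo Usage: %~nx0 NEW_BACKUP_DIRECTORY
  exit /b 2
)
set "DEST=%~1"

rem Refuse to write into an existing directory so an older backup is never overwritten.
if exist "%DEST%" (
  echo %DEST% already exists. Choose a new directory.
  exit /b 2
)

rem 1. The Certificate Services service (CertSvc) must be running.
sc query CertSvc | find "RUNNING" >nul
if %ERRORLEVEL% NEQ 0 echo CertSvc is not running. & exit /b 1

rem 2. The CA must answer on its request interface.
rem    certutil can exit with a negative code, which "if errorlevel 1" would miss,
rem    so every check compares against zero with NEQ instead.
certutil -ping
if %ERRORLEVEL% NEQ 0 echo The CA did not respond. & exit /b 1

mkdir "%DEST%"
if %ERRORLEVEL% NEQ 0 echo Could not create %DEST%. & exit /b 1

rem 3. Back up the certificate database and logs.
certutil -backupDB "%DEST%"
if %ERRORLEVEL% NEQ 0 echo Database backup failed. & exit /b 1

rem 4. Back up the CA certificate and private key. certutil prompts for a password
rem    to protect the exported key file; do not put that password in this script.
certutil -backupKey "%DEST%"
if %ERRORLEVEL% NEQ 0 echo Key backup failed. & exit /b 1

rem 5. Save the CA's registry settings alongside the database and key.
reg export HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration "%DEST%\certsvc-config.reg"
if %ERRORLEVEL% NEQ 0 echo Registry export failed. & exit /b 1

echo CA backup written to %DEST%. Move it to protected storage.
endlocal
```

The backup directory now holds the CA's private key, so it needs the same protection as the backup tapes mentioned above.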

Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer, he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit his personal Web site at
Copyright 2005 TechTarget
